@@ -769,9 +769,14 @@ and initialize a fresh PKI here."
769769 init-pki complete; you may now create a CA or requests.
770770
771771 Your newly created PKI dir is:
772- * $EASYRSA_PKI
772+ * $EASYRSA_PKI "
773773
774+ if [ " $user_vars_true " ; then
775+ : # ok - No message required
776+ else
777+ notice " \
774778 IMPORTANT: Easy-RSA 'vars' file has now been moved to your PKI above."
779+ fi
775780} # => init_pki()
776781
777782# Copy data-files from various sources
@@ -863,31 +868,35 @@ install_data_to_pki () {
863868 set_var EASYRSA_EXT_DIR " $EASYRSA_PKI /x509-types"
864869 fi
865870
866- # If this is init-pki then create PKI/vars from PKI/example
867- case " $context " in
868- init-pki)
869- if [ -e " ${EASYRSA_PKI} /${vars_file_example} " ; then
870- [ -e " ${EASYRSA_PKI} /${vars_file} " || \
871- cp " ${EASYRSA_PKI} /${vars_file_example} "
872- " ${EASYRSA_PKI} /${vars_file} " || :
873- fi
874- ;;
875- vars-setup)
876- if [ " $found_vars " ; then
877- : # ok - Do not make a PKI/vars if another vars exists
878- else
871+ if [ user_vars_true ]; then
872+ : # ok - No PKI/vars required
873+ else
874+ # Create PKI/vars from PKI/example
875+ case " $context " in
876+ init-pki)
879877 if [ -e " ${EASYRSA_PKI} /${vars_file_example} " ; then
880878 [ -e " ${EASYRSA_PKI} /${vars_file} " || \
881879 cp " ${EASYRSA_PKI} /${vars_file_example} "
882880 " ${EASYRSA_PKI} /${vars_file} " || :
883881 fi
884- fi
885- ;;
886- ' '
887- die " install_data_to_pki - unspecified context"
888- * )
889- die " install_data_to_pki - unknown context: $context "
890- esac
882+ ;;
883+ vars-setup)
884+ if [ " $found_vars " ; then
885+ : # ok - Do not make a PKI/vars if another vars exists
886+ else
887+ if [ -e " ${EASYRSA_PKI} /${vars_file_example} " ; then
888+ [ -e " ${EASYRSA_PKI} /${vars_file} " || \
889+ cp " ${EASYRSA_PKI} /${vars_file_example} "
890+ " ${EASYRSA_PKI} /${vars_file} " || :
891+ fi
892+ fi
893+ ;;
894+ ' '
895+ die " install_data_to_pki - unspecified context"
896+ * )
897+ die " install_data_to_pki - unknown context: $context "
898+ esac
899+ fi
891900
892901 # Check PKI is updated - Omit unnecessary checks
893902 # [ -e "${EASYRSA_PKI}/${vars_file}" ] || return
@@ -2935,14 +2944,15 @@ vars_setup() {
29352944 # If the --vars option does not point to a file, show helpful error.
29362945 die " The file '$EASYRSA_VARS_FILE ' was not found."
29372946 fi
2947+ unset -v prog_vars pwd_vars easy_vars pki_vars expected_pki_vars
29382948
29392949 # Otherwise, find vars 'the new way' followed by 'the old way' ..
29402950 else
29412951 # if PKI is required
29422952 if [ -z " $no_pki_required " ; then
29432953
29442954 # Clear flags - This is the preferred order to find:
2945- unset -v e_pki_vars e_easy_vars e_pwd_vars e_prog_vars found_vars
2955+ unset -v e_pki_vars e_easy_vars e_pwd_vars e_prog_vars found_vars vars_in_pki
29462956
29472957 # PKI location, if present:
29482958 [ -e " $pki_vars " && e_pki_vars=1
@@ -2986,7 +2996,7 @@ Priority should be given to your PKI vars file:
29862996 [ " $prog_vars " && vars=" $prog_vars "
29872997 [ " $pwd_vars " && vars=" $pwd_vars "
29882998 [ " $easy_vars " && vars=" $easy_vars "
2989- [ " $pki_vars " && vars=" $pki_vars "
2999+ [ " $pki_vars " && vars=" $pki_vars " && vars_in_pki=1
29903000 fi
29913001 # END: Find vars
29923002 fi
@@ -3011,7 +3021,7 @@ recommended - please remove it from there before continuing."
30113021 fi
30123022
30133023 # Sanitize vars further but ONLY if it is in PKI folder
3014- if [ " $pki_vars " ; then
3024+ if [ " $vars_in_pki " ; then
30153025 # Warning: Single quote
30163026 if grep ' ^[[:blank:]]*set_var[[:blank:]]\+.*' " $vars " | \
30173027 grep -q -e ' &' " '" ' `' ' \$' ' #' ; then
@@ -3031,8 +3041,13 @@ Failed to source the vars file, remove any unsupported characters."
30313041 # shellcheck disable=1090 # can't follow non-constant source. vars
30323042 . " $vars " 2> /dev/null
30333043 notice " Using Easy-RSA configuration from: $vars "
3034- [ " $pki_vars " || \
3035- warn " Move your vars file to your PKI folder, where it is safe!"
3044+ if [ " $user_vars_true " ; then
3045+ : # ok - No message required
3046+ else
3047+ [ " $vars_in_pki " || \
3048+ warn " \
3049+ Move your vars file to your PKI folder, where it is safe!"
3050+ fi
30363051 fi
30373052 fi
30383053
@@ -3758,7 +3773,7 @@ NL='
37583773[ -z " $EASYRSA_NO_UMASK " && umask " ${EASYRSA_UMASK:- 077} "
37593774
37603775# Initialisation requirements
3761- unset -v easyrsa_error_exit user_san_true
3776+ unset -v easyrsa_error_exit user_san_true user_vars_true
37623777
37633778# Parse options
37643779while : ; do
@@ -3841,6 +3856,7 @@ while :; do
38413856 --subca-len)
38423857 export EASYRSA_SUBCA_LEN=" $val "
38433858 --vars)
3859+ user_vars_true=1
38443860 export EASYRSA_VARS_FILE=" $val "
38453861 --copy-ext)
38463862 empty_ok=1
@@ -3904,6 +3920,7 @@ vars_setup
39043920# determine how we were called, then hand off to the function responsible
39053921case " $cmd " in
39063922 init-pki|clean-all)
3923+ no_pki_required=1
39073924 init_pki " $@ "
39083925 ;;
39093926 build-ca)
0 commit comments